353 matches found
WSO2 Multiple Products Cross-Site Scripting Vulnerability
WSO2 API Manager and others are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Dashboard Server is a dashboard server. WSO2 Identity Server (IS) is an identity server. A security vulnerability exists in several WSO2 products that stems from incorrect output...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit and writeup...
WSO2 API Manager Path Traversal Vulnerability
WSO2 API Manager is an API lifecycle management solution from US-based WSO2. WSO2 API Manager suffers from a path traversal vulnerability that allows unlimited file uploads and remote code execution...
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps...
PT-2022-2322 · Wso2 · Wso2 Identity Server Analytics +5
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 through 4.0.0; WSO2 Identity Server versions 5.2.0 through 5.11.0; WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0; WSO2...
PT-2022-2550 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 through 4.0.0; WSO2 API Manager Analytics versions 2.2.0 through 2.6.0; WSO2 API Microgateway version 2.2.0; WSO2 Data Analytics Server version 3.2.0; WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0; WSO2 IS...
CVE-2021-43700
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8...
CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting Vulnerability
Exploit Title: CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS); Exploit Author: Dinesh Mohanty; Vendor Homepage: http://centos-webpanel.com; Software Link: http://centos-webpanel.com; Version: v0.9.8.1081; Tested on: CentOS 7 and 8; Description: Multiple Stored Cross Site Scripting Stored...
(0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JMX RMI service, which listens on TCP port 11111 by default. The service contains a...
Micro Focus Secure API Manager Information Disclosure Vulnerability
Secure API Manager is a complete solution from Micro Focus USA for creating, managing, maintaining, and monitoring the APIs you use in your IT environment. It provides a repository where you can store and manage all the APIs you use. An information disclosure vulnerability exists in Micro Focus...
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
Micro Focus Secure API Manager Log Information Disclosure Vulnerability
Secure API Manager is a complete solution from Micro Focus USA for creating, managing, maintaining, and monitoring the APIs you use in your IT environment. It provides a repository where you can store and manage all the APIs you use. An information disclosure vulnerability exists in Micro Focus...
Exploit for Cross-site Scripting in Wso2 Api_Manager
CVE-2020-17453 WSO2 Management Console through 5.1...
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...
Security Bulletin: IBM API Connect's API Manager is vulnerable to invitation and registration link tampering (CVE-2021-20440)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2021-20440. DESCRIPTION: IBM API Manager does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-60481)
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. WSO2 API Manager 3.1.0 suffers from a cross-site scripting vulnerability, which can be exploited to hijack a logged-in user's session by stealing a cookie, changing the logged-in user's password while maintaining...
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of th...